Secure Virtual Machine Rollback In Cloud Environment

Posted on:2018-11-16

Degree:Master

Type:Thesis

Country:China

Candidate:Y K Du

Full Text:PDF

GTID:2428330566451411

Subject:Cyberspace security

Abstract/Summary:

PDF Full Text Request

Rollback is a mechanism that is widely used in spectrum of system settings,ranging from the thread level to the Virtual Machine(VM)level.While useful in debugging and crash recovering,its security implication is less understood.Existing solutions to the rollback security problem can only deal with deterministic programs,or impose the manual involvement of programmers.Consequently,rollback is prohibited or largely restricted in some systems(e.g.,Intel SGX and virtual Trusted Platform Module).In this paper,we give a systematic characterization of the rollback mechanism's security implication.Then,we propose a general solution to the rollback security problem.To show the effectiveness of the solution,we present the implementation and evaluation of the solution at the VM level.We implement a prototype system called RSEC(Rollback Security)based on Xen hypervisor.RSEC obtains the source code features from the code property graph database of the source code constructed by joern tools.RSEC also implements the rollback related state extraction algorithms based on Python query interfaces on the code property graph database of the target software.RSEC can monitor and record the variation histories of the rollback related states by injecting breakpoints with VMI tools based on previous extracted sensitive state information.Based on the state variation log and the compensation strategies,RSEC can conduct fine-grained state compensation for the software states against rollback vulnerabilities.Our approach will also hook the Xen rollback(boot/resume,save/resume)interface to trigger the sensitive state monitoring,logging and compensation process.Since the all the components of RSEC resides in rollback-free privileged domain different from its protection target software,the protection of RSEC will not be influenced nor interrupted by the rollback.The evaluation results show that RSEC can be easily applied to the existent software,and will not cause severe time overhead during runtime nor the rollback operation.

Keywords/Search Tags:

virtual machine rollback, software state protection, cloud, virtualization, rollback security

PDF Full Text Request

Related items

1	Research On Key Technology Of Coordinated Rollback-recovery Protocols In Cloud Platform
2	Research On Key Technologies For Software Security Protection Based On System Virtualization
3	Fault-Tolerant Of MPI Programs Based On Rollback Recovery
4	The Rollback Reparir Mechanism For MMOG
5	Research On Rollback Recovery Fault-Tolerance Technology In High Availability Cluster
6	Dynamic Cluster Strategy For Hierarchical Rollback-Recovery Protocols
7	Research On Incremental Checkpointing And Rollback Recovery
8	Research Of Rollback Recovery Based On Dependency Tracking And Message Counting
9	Research And Implementation Of Virtual Machine Security Framework In Cloud Platform
10	Research On Rollback Recovery Technology In Distributed Systems